Vulnerabilities

CVE-2020-15712

by Fred · 28/07/2020

rConfig 3.9.5 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a crafted request to the ajaxGetFileByPath.php script containing hexadecimal encoded "dot dot" sequences (%2f..%2f) in the path parameter to view arbitrary files on the system.

Date published : 2020-07-28

https://exchange.xforce.ibmcloud.com/vulnerabilities/184938

https://www.rconfig.com/downloads/v3-release-notes

Similar

Tags: Cybersecurity Alert